Accelerated growth through 2014 entices vendors to offer SSL VPNs as an alternative to traditional IPsec VPNs.
According to Gartner's John Girard, “IPsec VPN products have never caught up with SSL in terms of ease of implementation, policy and network access controls, and the ability to deliver security protections on demand. SSL VPNs are easy to set up in their default role as application portals, and offer decent performance for tunneled Layer 3 traffic.” With SSL VPNs gaining in customer acceptance, the real question for many is why retain both legacy IPsec VPNs and SSL VPNs when the administrative convenience, ease of use, and savings from a single vendor are so obvious?
SSL VPNs, although a maturing technology, face several challenges. Chief among them, the National Institute of Standards and Technology points out, are “limitations on their ability to support a large number of applications and clients, the methods of implementing network extension and endpoint security,” and the ability to provide clientless access or the use of the SSL VPN from public locations.
Best-in-Class SSL VPNs feature:
- VPN initiation without a formally installed client other than a browser.
- SSL VPN sessions that survive interruptions and can then reconnect without first preserving an Internet Protocol (IP) address.
- Better performance than legacy VPNs when used with major applications and ISVs (independent software vendors).
Top Considerations before Buying SSL VPNs:
Aside from cost, is the SSL VPN vendor's offering easy to use? The ease of use of SSL VPNs puts them in a class by themselves. SSL VPNs should be easily operable on any browser, whether on a desktop, laptop, or smartphone. Since all browsers already contain embedded SSL and certificate authentication, a browser-based SSL VPN makes reliability easier to maintain across networks; and since SSL is already optimized to facilitate application delivery, SSL VPN is therefore secure even over unreliable networks.
Key Providers:
1. Array Networks, formerly known as ClickArray Networks, Inc., offers application delivery controllers (ADCs) for network applications' processing, secure sockets layer (SSL), virtual private network (VPN) products, as well as public PKI infrastructure products. Array distributes its products principally in Asia, North America and Europe to over 3,500 customers, including enterprises, service providers, and government and vertical organizations in healthcare, finance, insurance and education. In 2008, Array added a wireless, overlay security management and wake-on-LAN remote control to its VPN product lineup. Array's newest product, Desktop Direct, is a fully managed and secured solution for remote control, which also supports wake-on-LAN.
2. F5 provides technology that optimizes the delivery of network-based applications, as well as the security, performance, and availability of servers, data storage devices, and other network resources. F5 has been developing SSL VPNs since the 2000s, but got a technology boost with its acquisition of uRoam, which enabled its first FirePass product line. FirePass provides SSL VPN access for remote users of IP networks, and of applications connected to those networks, from any standard Web browser on any device. F5's marketplace distinctions are high performance and reliable gateways. It also offers a companion product, Application Security Manager, a Web application firewall that provides application-layer protection against generalized and targeted attacks.
3. Cisco considered acquiring an SSL VPN vendor in 2002, but opted instead to develop its own SSL internally. It released VPN 3000 in 2004. By 2007 the SSL VPN was becoming attractive, and by 2008 it had become popular and competitive in both function and price. Cisco's VPN line is an evolution of technology that it inherited from Altiga, an earlier VPN acquisition, and from the Twingo Systems acquisition, which provided Cisco with baseline technology. Joel Snyder, after tests from Network World, reported that “while Cisco provides a solid and compact feature set for creating smaller SSL VPN extranets or adding SSL VPN network extension to improve compatibility for road warriors, it does not equal the capabilities of stand-alone SSL VPN products.”
4. Juniper Networks, founded in 1996, designs, develops, and sells products and services that provide network infrastructure used for the deployment of services and applications over a single Internet Protocol (IP) based network worldwide. Juniper realized its most promising SSL VPN product when it acquired NetScreen Technologies in 2004 and its Neoteris SSL VPN product, which itself had been previously acquired by NetScreen in 2003. The Neoteris product was early on highly competitive in the SSL VPN marketplace, a position and guiding philosophy that Juniper has maintained ever since with overall sales leadership in the category. Juniper competes on the basis of universal access, broad client platform support, and comprehensive infrastructure.
5. Citrix had for many years offered remote access beginning in 2004, but it wasn't until 2005, with its acquisition of Net6, followed by another acquisition of NetScaler, that it combined remote access to produce today's Citrix Access Gateway and the NetScaler series of products for accelerated secure remote access. In 2009, Citrix released a revamped SSL VPN client called the Citrix Receiver, which has been ported to a wide range of platforms, including smartphones. According to a recent Gartner report, "Within its vast and profitable installed base for server-based computing, Citrix is a strong competitor with other SSL VPN vendors," and as of 2009 its installed base was approaching that of Juniper Networks.
SSL VPN
Definition: SSL VPN is the abbreviation for Secure Sockets Layer Virtual Private Network. An SSL VPN is a form of VPN that may be used with a standard Web browser and consists of one or more VPN devices to which the user connects by using a Web browser. It is used to give remote users access to Web applications, client/server applications and internal network connections. The traffic between the Web browser and the SSL VPN device is encrypted with the SSL protocol or its successor, the Transport Layer Security (TLS) protocol.